FEATURE: change SSO to use sha256 HMAC, which is more secure

2014-02-26 09:44:41 +11:00 · 2014-02-26 09:44:41 +11:00 · 890d06ac04
parent 8cbff3672f
commit 890d06ac04
1 changed files with 1 additions and 1 deletions
--- a/lib/single_sign_on.rb
+++ b/lib/single_sign_on.rb
@ -43,7 +43,7 @@ class SingleSignOn
  end

  def sign(payload)
-    Digest::SHA2.hexdigest(payload + sso_secret)
+    OpenSSL::HMAC.hexdigest("sha256", sso_secret, payload)
  end